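/// <summary>
/// SAML Assertion Consumer Service endpoint. Decodes the posted <c>SAMLResponse</c>, and when the
/// parsed response reports success, signs the user in under the "SPIDCookie" scheme. It then
/// redirects to the local URL carried in <c>RelayState</c>, or to "/" when that is absent or not local.
/// </summary>
/// <param name="collection">
/// Posted form fields. <c>SAMLResponse</c> and <c>RelayState</c> are read as Base64-encoded UTF-8 text.
/// </param>
/// <returns>A redirect to a local URL. It is issued whether or not a sign-in took place.</returns>
/// <remarks>
/// NOTE(review): the sign-in decision rests entirely on <c>resp.RequestStatus</c> after
/// <c>resp.Deserialize</c>. Nothing in this action checks the response signature, issuer, audience,
/// validity window or InResponseTo. Confirm that AuthResponse performs those checks before this
/// endpoint is exposed.
/// </remarks>
public async Task<ActionResult> ACS(IFormCollection collection)
{
    string samlResponse = "";
    AuthResponse resp = new AuthResponse();

    try
    {
        samlResponse = Encoding.UTF8.GetString(Convert.FromBase64String(collection["SAMLResponse"]));
        resp.Deserialize(samlResponse);
    }
    catch (Exception ex)
    {
        // The decoded response carries the user's identity attributes (name, family name, email),
        // so only its size goes to the log, not its content.
        _logger.LogError(ex, "Error reading SAML Response (decoded length {Length})", samlResponse.Length);
    }

    // RelayState is decoded separately so that a missing or malformed value cannot prevent
    // the SAML response above from being parsed.
    string redirect = "";
    string encodedRelayState = collection["RelayState"];
    if (!string.IsNullOrEmpty(encodedRelayState))
    {
        try
        {
            redirect = Encoding.UTF8.GetString(Convert.FromBase64String(encodedRelayState));
        }
        catch (FormatException ex)
        {
            _logger.LogWarning(ex, "RelayState is not valid Base64; using the default redirect");
        }
    }

    if (resp.RequestStatus == SamlRequestStatus.Success)
    {
        // Custom scheme name (not CookieAuthenticationDefaults.AuthenticationScheme);
        // it must match an authentication scheme registered by the application.
        var scheme = "SPIDCookie";
        var claims = resp.GetClaims();
        var identityClaims = new List<Claim>();

        // Every attribute returned by the identity provider is kept under its original key.
        foreach (var item in claims)
        {
            identityClaims.Add(new Claim(item.Key, item.Value, ClaimValueTypes.String, resp.Issuer));
        }

        // The same values are also exposed under the standard claim types.
        // NOTE(review): presumably the indexer throws when an attribute is missing, so a response
        // without Name, FamilyName or Email fails the request before any sign-in. Confirm this is intended.
        identityClaims.Add(new Claim(ClaimTypes.Name, claims["Name"], ClaimValueTypes.String, resp.Issuer));
        identityClaims.Add(new Claim(ClaimTypes.Surname, claims["FamilyName"], ClaimValueTypes.String, resp.Issuer));
        identityClaims.Add(new Claim(ClaimTypes.Email, claims["Email"], ClaimValueTypes.String, resp.Issuer));

        var identity = new ClaimsIdentity(identityClaims, scheme);
        var principal = new ClaimsPrincipal(identity);
        HttpContext.User = principal;

        // Persistent cookie with a fixed 20-minute lifetime that is not renewed.
        var signInProperties = new AuthenticationProperties
        {
            ExpiresUtc = DateTime.UtcNow.AddMinutes(20),
            IsPersistent = true,
            AllowRefresh = false
        };
        await AuthenticationHttpContextExtensions.SignInAsync(HttpContext, scheme, principal, signInProperties);
    }

    // RelayState arrives in the posted form and is not integrity-protected here, so it is treated
    // as untrusted: only local URLs are followed, which stops this endpoint from bouncing a freshly
    // signed-in user to an arbitrary external site.
    if (string.IsNullOrEmpty(redirect) || !Url.IsLocalUrl(redirect))
    {
        redirect = "/";
    }

    return LocalRedirect(redirect);
}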